[PATCH] SSL: make ssl_password_file work with recent OpenSSL releases

Piotr Sikora piotr at cloudflare.com
Thu Oct 30 04:14:01 UTC 2014

Previous message: [PATCH] SSL: make ssl_password_file work with recent OpenSSL releases
Next message: [PATCH] SSL: make ssl_password_file work with recent OpenSSL releases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> Are you also looking to have a fix for the POODLE vulnerability?

The only fix for the POODLE vulnerability is to disable SSLv3 (I'm
going to send a patch for that in a moment).

However, if you meant TLS_FALLBACK_SCSV, then it's not needed, because
nginx doesn't do "downgrade dance".

Best regards,
Piotr Sikora

Previous message: [PATCH] SSL: make ssl_password_file work with recent OpenSSL releases
Next message: [PATCH] SSL: make ssl_password_file work with recent OpenSSL releases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the nginx-devel mailing list